Chapter 29 Anti-Virus
ZyWALL USG 50 User’s Guide
The following table describes the labels in this screen.

Table 140   Configuration > Anti-X > Anti-Virus > Signature
LABEL                   DESCRIPTION
Signatures
Search                  Select the criteria on which to perform the search.
                        Select By Name from the drop-down list box and type the name or part of the name of the signature(s) you want to find. This search is not case-sensitive.
                        Select By ID from the drop-down list box and type the ID or part of the ID of the signature you want to find.
                        Select By Severity from the drop-down list box and select the severity level of the signatures you want to find.
                        Select By Category from the drop-down list box and select whether you want to see virus signatures or spyware signatures.
                        Click Search to have the ZyWALL search the signatures based on your specified criteria.
Query all signatures    Click Export to have the ZyWALL save all of the anti-virus signatures to your computer in a .txt file.
and export
Query Result
#                       This is the entry's index number in the list.
Name                    This is the name of the anti-virus signature. Click the Name column heading to sort your search results in ascending or descending order according to the signature name.
                        Click a signature's name to see details about the virus.
ID                      This is the identification (ID) number of the anti-virus signature. Click the ID column header to sort your search results in ascending or descending order according to the ID.
Severity                This is the severity level of the anti-virus signature. Click the Severity column header to sort your search results by ascending or descending severity.
Category                This column displays whether the signature is for identifying a virus or spyware. Click the column heading to sort your search results by category.
29.7 Anti-Virus Technical Reference

Types of Computer Viruses

The following table describes some of the common computer viruses.

Table 141   Common Computer Virus Types
TYPE                DESCRIPTION
File Infector       This is a small program that embeds itself in a legitimate program. A file infector is able to copy and attach itself to other programs that are executed on an infected computer.
Boot Sector Virus   This type of virus infects the area of a hard drive that a computer reads and executes during startup. The virus causes computer crashes and to some extent renders the infected computer inoperable.
Macro Virus         Macro viruses or macros are small programs that are created to perform repetitive actions. Macros run automatically when a file to which they are attached is opened. Macros spread more rapidly than other types of viruses as data files are often shared on a network.
E-mail Virus        E-mail viruses are malicious programs that spread through e-mail.
Polymorphic Virus   A polymorphic virus (also known as a mutation virus) tries to evade detection by changing a portion of its code structure after each execution or self-replication. This makes it harder for an anti-virus scanner to detect or intercept it. A polymorphic virus can also belong to any of the virus types discussed above.

Computer Virus Infection and Prevention

The following describes a simple life cycle of a computer virus.

1 A computer gets a copy of a virus from a source such as the Internet, e-mail, file sharing or any removable storage media. The virus is harmless until the execution of an infected program.
2 The virus spreads to other files and programs on the computer.
3 The infected files are unintentionally sent to another computer, thus starting the spread of the virus.
4 Once the virus is spread through the network, the number of infected networked computers can grow exponentially.

Types of Anti-Virus Scanner

This section describes two types of anti-virus scanner: host-based and network-based.
A host-based anti-virus (HAV) scanner is often software installed on computers and/or servers in the network. It inspects files for virus patterns as they are moved in and out of the hard drive. However, host-based anti-virus scanners cannot eliminate all viruses for a number of reasons:

• HAV scanners are slow in stopping virus threats through real-time traffic (such as from the Internet).
• HAV scanners may reduce computing performance as they also share the resources (such as CPU time) on the computer for file inspection.
• You have to update the virus signatures and/or perform virus scans on all computers in the network regularly.

A network-based anti-virus (NAV) scanner is often deployed as a dedicated security device (such as your ZyWALL) on the network edge. NAV scanners inspect real-time data traffic (such as e-mail messages or web) that tends to bypass HAV scanners. The following lists some of the benefits of NAV scanners.

• NAV scanners stop virus threats at the network edge before they enter or exit a network.
• NAV scanners reduce the computing load on computers as the real-time data traffic inspection is done on a dedicated security device.
Chapter 30 IDP

30.1 Overview

This chapter introduces packet inspection IDP (Intrusion Detection and Prevention), IDP profiles, binding an IDP profile to a traffic flow, custom signatures and updating signatures. An IDP system can detect malicious or suspicious packets and respond instantaneously. IDP on the ZyWALL protects against network-based intrusions.
30.1.1 What You Can Do in this Chapter

• Use the Anti-X > IDP > General screen (Section 30.2 on page 481) to turn IDP on or off, bind IDP profiles to traffic directions, and view registration and signature information. Click the Add or Edit icon in this screen to bind an IDP profile to a traffic direction.
• Use the Anti-X > IDP > Profile screen (Section 30.3 on page 483) to add a new profile, edit an existing profile or delete an existing profile.
• Use the Anti-X > IDP > Custom Signature screens (Section 30.8 on page 498) to create a new signature, edit an existing signature, delete existing signatures or save signatures to your computer.
30.1.2 What You Need To Know

Packet Inspection Signatures

A signature identifies a malicious or suspicious packet and specifies an action to be taken. You can change the action in the profile screens. Packet inspection signatures examine OSI (Open Systems Interconnection) layer-4 to layer-7 packet contents for malicious data. Generally, packet inspection signatures are created for known attacks while anomaly detection looks for abnormal behavior (see Section 31.1 on page 513).

Zone

A zone is a combination of ZyWALL interfaces and VPN connections used for configuring security. See the zone chapter for details on zones and the interfaces chapter for details on interfaces.
IDP Profiles

An IDP profile is a set of related IDP signatures that you can activate as a set and for which you configure common log and action settings. You can apply IDP profiles to traffic flowing from one zone to another. For example, apply the default LAN_IDP profile to any traffic going to the LAN zone in order to protect your LAN computers.

Note: You can only apply one IDP profile to one traffic flow.

Base IDP Profiles

Base IDP profiles are templates that you use to create new IDP profiles. The ZyWALL comes with several base profiles. See Table 143 on page 484 for details on base profiles.

IDP Policies

An IDP policy refers to the application of an IDP profile to traffic flowing from one zone to another.

Applying Your IDP Configuration

Changes to the ZyWALL's IDP settings affect new sessions (not the sessions that already existed before you applied the changed settings).
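The relationships described in Section 30.1.2 (a signature is a layer-4 to layer-7 content pattern with an action that the profile may override; a profile is a set of signatures applied as a unit; a policy binds exactly one profile to a zone-to-zone flow; changes apply only to new sessions) are easier to see as data structures. The model below is an added illustration written for this page, not ZyWALL code: the class names, the action values "drop" and "log-only", the signature IDs and the sample HTTP payload are all constructed assumptions, and matching is a plain substring search rather than the ZyWALL's actual engine.

```python
"""Toy model of IDP signatures, profiles, zone-pair policies and sessions.
Added example; not ZyWALL code. All names and sample values are assumed."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Signature:
    """One packet-inspection signature: a byte pattern searched for in the
    layer-4 to layer-7 payload, plus the default action the signature specifies."""
    sig_id: int
    name: str
    severity: str
    pattern: bytes
    action: str  # assumed action vocabulary: "drop" or "log-only"


@dataclass
class Profile:
    """A named set of signatures activated as a set. The profile may override a
    signature's default action ("You can change the action in the profile screens")."""
    name: str
    signatures: list[Signature]
    action_override: dict[int, str] = field(default_factory=dict)
    active: bool = True

    def inspect(self, payload: bytes) -> list[tuple[Signature, str]]:
        """Return (signature, effective action) for every signature that matches."""
        if not self.active:
            return []
        return [(sig, self.action_override.get(sig.sig_id, sig.action))
                for sig in self.signatures if sig.pattern in payload]


@dataclass
class Session:
    """A flow between two zones. The profile is captured when the session starts,
    so a later policy change does not affect an already existing session."""
    from_zone: str
    to_zone: str
    profile: Optional[Profile]


class IDPPolicyTable:
    """Binds a traffic direction (from_zone, to_zone) to exactly one profile."""

    def __init__(self) -> None:
        self._policies: dict[tuple[str, str], Profile] = {}

    def bind(self, from_zone: str, to_zone: str, profile: Profile, *, edit: bool = False) -> None:
        key = (from_zone, to_zone)
        if key in self._policies and not edit:  # one IDP profile per traffic flow
            raise ValueError(f"{from_zone}->{to_zone} already has a profile; use edit=True")
        self._policies[key] = profile

    def new_session(self, from_zone: str, to_zone: str) -> Session:
        return Session(from_zone, to_zone, self._policies.get((from_zone, to_zone)))


def inspect_session(session: Session, payload: bytes) -> list[tuple[int, str]]:
    """Apply the session's own profile (not the current table) to one payload."""
    if session.profile is None:
        return []
    return [(sig.sig_id, action) for sig, action in session.profile.inspect(payload)]


# Constructed sample signatures and payload (assumed; not from the ZyWALL signature set).
SIG_CMD_EXEC = Signature(1001, "HTTP cmd.exe request", "high", b"cmd.exe", "drop")
SIG_PROBE = Signature(1002, "Generic scanner probe", "low", b"Nikto", "log-only")
LAN_IDP = Profile("LAN_IDP", [SIG_CMD_EXEC, SIG_PROBE])
DMZ_IDP = Profile("DMZ_IDP", [SIG_CMD_EXEC], action_override={1001: "log-only"})
SAMPLE_REQUEST = b"GET /scripts/cmd.exe?/c+dir HTTP/1.1\r\nHost: example\r\n\r\n"


def demo() -> dict[str, object]:
    """Walk through binding, the one-profile-per-flow rule and new-session-only changes."""
    table = IDPPolicyTable()
    table.bind("WAN", "LAN", LAN_IDP)
    try:
        table.bind("WAN", "LAN", DMZ_IDP)  # second profile on the same flow is rejected
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    old_session = table.new_session("WAN", "LAN")  # existed before the change
    table.bind("WAN", "LAN", DMZ_IDP, edit=True)   # Edit the binding
    new_session = table.new_session("WAN", "LAN")  # started after the change
    return {
        "duplicate_rejected": duplicate_rejected,
        "old_session": inspect_session(old_session, SAMPLE_REQUEST),
        "new_session": inspect_session(new_session, SAMPLE_REQUEST),
        "unbound_flow": inspect_session(table.new_session("LAN", "DMZ"), SAMPLE_REQUEST),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `demo()` shows the old WAN-to-LAN session still dropping on signature 1001 under LAN_IDP while the session started after the edit gets DMZ_IDP's log-only override, and a flow with no policy bound is not inspected at all.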
Finding Out More

• See Section 6.5.19 on page 103 for IDP prerequisite information.
• See Section 31.1 on page 513 for anomaly detection and protection.
• See Section 30.9 on page 510 for more information on network-based intrusions.
• See Section 30.6.2 on page 490 for a list of attacks that the ZyWALL can protect against.
• See Section 30.7 on page 497 for how to create your own custom IDP signatures.
30.1.3 Before You Begin

• Register for a trial IDP subscription in the Registration screen (see Section 10.2 on page 211). This gives you access to free signature updates. This is important as new signatures are created as new attacks evolve. When the trial subscription expires, purchase and enter a license key using the same screens to continue the subscription.
• Configure zones on the ZyWALL; see Chapter 15 on page 311 for more information.
